New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA CS0-003 Exam - Topic 4 Question 46 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 46
Topic #: 4
[All CS0-003 Questions]

A payroll department employee was the target of a phishing attack in which an attacker impersonated a department director and requested that direct deposit information be updated to a new account. Afterward, a deposit was made into the unauthorized account. Which of the following is one of the first actions the incident response team should take when they receive notification of the attack?

Show Suggested Answer Hide Answer
Suggested Answer: B

In case of a phishing attack, it's crucial to review what actions were taken by the employee and analyze the phishing email to understand its nature and impact.Reference:CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 6, page 246;CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 6, page 255.


by Lorriane at Jul 09, 2025, 04:02 PM

Limited Time Offer

25%

Off

Get Premium CS0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Jeanice
2 months ago
I thought D was a no-brainer, but B makes sense too.
upvoted 0 times
...
Merri
2 months ago
A scan is good, but B is more critical first step.
upvoted 0 times
...
Vonda
3 months ago
Surprised they fell for that! How did they not verify?
upvoted 0 times
...
Kathryn
3 months ago
Wait, why would you terminate the employee? Seems harsh!
upvoted 0 times
...
Marjory
3 months ago
Definitely B, need to see what went wrong.
upvoted 0 times
...
Lashon
3 months ago
I recall a similar scenario where assigning security awareness training was suggested, but I wonder if that should come after we investigate the email.
upvoted 0 times
...
Patti
4 months ago
I feel like contacting HR to recommend termination is a bit extreme. We should focus on understanding the incident first, right?
upvoted 0 times
...
Raymon
4 months ago
I'm not entirely sure, but scanning the employee's computer might be important too. I remember a practice question where we had to check for malware first.
upvoted 0 times
...
Cammy
4 months ago
I think the first step should be to review the actions taken by the employee and the email related to the event. It makes sense to understand what happened before jumping to conclusions.
upvoted 0 times
...
Tamera
4 months ago
I feel pretty good about this one. The incident response team should definitely start by reviewing the actions and email related to the phishing attack, as option B suggests. That will give them the information they need to determine the appropriate next steps, whether that's security awareness training or something else.
upvoted 0 times
...
Shonda
4 months ago
Okay, let's think this through. The key here is to respond quickly and effectively to the phishing attack. I think option B is the best choice - we need to review the details of what happened before we can decide on the next steps. Scanning the computer or terminating the employee might be premature at this stage.
upvoted 0 times
...
Telma
5 months ago
Hmm, I'm a little unsure about this one. Should we be scanning the employee's computer right away? Or is that jumping the gun a bit? I'm leaning towards option B, but I'm not 100% confident.
upvoted 0 times
...
Milly
5 months ago
This seems like a pretty straightforward incident response question. I'd go with option B - reviewing the actions taken by the employee and the email related to the event. That seems like the logical first step to gather information and understand what happened.
upvoted 0 times
...
Ashley
7 months ago
Scanning the computer is a good idea, but reviewing the incident is the top priority. B is the way to go.
upvoted 0 times
...
Apolonia
7 months ago
Haha, terminating the employee? That's a bit extreme, don't you think? Let's go with B and help the poor guy out.
upvoted 0 times
Glory
6 months ago
A) Scan the employee's computer with virus and malware tools.
upvoted 0 times
...
...
Mirta
7 months ago
Assigning security awareness training to the employee involved in the incident could help prevent similar attacks in the future.
upvoted 0 times
...
Youlanda
7 months ago
I agree, B is the right choice. We need to analyze the details to identify the attacker's tactics and improve our security measures.
upvoted 0 times
Holley
5 months ago
B) Review the actions taken by the employee and the email related to the event
upvoted 0 times
...
Julie
5 months ago
A) Scan the employee's computer with virus and malware tools.
upvoted 0 times
...
...
Ramonita
7 months ago
Definitely B. Reviewing the employee's actions and the email is crucial to understanding the attack and preventing future incidents.
upvoted 0 times
Maile
6 months ago
B) Review the actions taken by the employee and the email related to the event
upvoted 0 times
...
Bev
7 months ago
A) Scan the employee's computer with virus and malware tools.
upvoted 0 times
...
...
Dolores
7 months ago
I believe scanning the employee's computer with virus and malware tools should also be a priority to ensure no other systems are compromised.
upvoted 0 times
...
Blossom
7 months ago
I agree with Kasandra. It's important to understand how the attack happened before taking any further actions.
upvoted 0 times
...
Kasandra
8 months ago
I think the incident response team should review the actions taken by the employee and the email related to the event.
upvoted 0 times
...

Save Cancel